llDemonll Posted February 13, 2009 Share Posted February 13, 2009 function fCleanString($UserInput){ $UserInput = strip_tags($UserInput); $UserInput = str_replace("'", "''", $UserInput); return $UserInput; } that is a simple function I have set up to strip single apostrophes out of my database entries and replace them with two so it wont break the function. ever since xfering it over to a new server (php 5, same as the old one) it hasn't been working and has been giving me an error (breaking code right where the apostrophe would be located). help appreciated, thanks! Link to comment https://forums.phpfreaks.com/topic/145030-str_replace-not-working/ Share on other sites More sharing options...
rhodesa Posted February 13, 2009 Share Posted February 13, 2009 what kind of errors are you seeing? this is to prep data for a database? double single quotes is a MSsql specific thing...did you switch to a MySql DB by any chance? Link to comment https://forums.phpfreaks.com/topic/145030-str_replace-not-working/#findComment-761017 Share on other sites More sharing options...
llDemonll Posted February 13, 2009 Author Share Posted February 13, 2009 MySQL 4.1.22 is the server version, both were mysql servers using phpmyadmin and yea, it takes the input from a textbox with $_GET, and runs the function on it and assigns it to a new variable, and that variable is what gets put into the database $strName = fCleanString($_GET['strName']); $strSQL = "UPDATE database SET name='$strName', address='$strAddress', address2='$strAddress2', ....more of these.... WHERE CompanyID='$updateID'"; mysql_query($strSQL) or die('Update Insert error: ' . mysql_error()); gives the same error for the insert function. the error it's throwing is: Update Insert error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '8240 Resurrection Drive', address2='', city='Anchorage', state='AK', statefull='' at line 2 but its not line 2, its 2xx i think, cuz the update function isnt til a ways down on the page. as you can see the part where it's breaking is right after the first address insert. this error was copied where $strName was input as Paw Prince', 8240 Resurrection Drive is what $strAddress is, and $strAddress2 is blank tell me if you want a bigger code snippet to look at. Link to comment https://forums.phpfreaks.com/topic/145030-str_replace-not-working/#findComment-761057 Share on other sites More sharing options...
rhodesa Posted February 13, 2009 Share Posted February 13, 2009 as stated...turning single quotes to double single quotes is a MSSQL thing. for MySQL, change your function to: function fCleanString($UserInput){ return mysql_real_escape_string(strip_tags($UserInput)); } Link to comment https://forums.phpfreaks.com/topic/145030-str_replace-not-working/#findComment-761078 Share on other sites More sharing options...
llDemonll Posted February 13, 2009 Author Share Posted February 13, 2009 missed that, thought it was a typo. so figured out that function puts a \ in front of \r, \n, \x00, \x1a, ' and '', but now in the database it goes in as Paw Prince\'s, should i just make a function to strip that slash after? seems like stripslashes should be ooutside the real_escape..but then it seems counter-productive Link to comment https://forums.phpfreaks.com/topic/145030-str_replace-not-working/#findComment-761087 Share on other sites More sharing options...
rhodesa Posted February 13, 2009 Share Posted February 13, 2009 you probably have magic_quotes enabled...you should disable them if you can...read up on that here: http://us.php.net/manual/en/security.magicquotes.disabling.php you can see if they are enabled with: <?php if(get_magic_quotes_gpc()) print "Magic Quotes Enabled"; else print "Magic Quotes Disabled"; ?> Link to comment https://forums.phpfreaks.com/topic/145030-str_replace-not-working/#findComment-761092 Share on other sites More sharing options...
llDemonll Posted February 13, 2009 Author Share Posted February 13, 2009 sweet read up on that magic quotes thing and fixed it, thanks for all the help problem solved Link to comment https://forums.phpfreaks.com/topic/145030-str_replace-not-working/#findComment-761115 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.